HijackThis analysis please, thanks
Closed
val57200 - 3 March 2008 at 18:28
Maijin Posts 1385 Registration date Monday 1 October 2007 Status Member Last activity 28 June 2009 - 4 March 2008 at 21:25
6 replies
Maijin (Posts: 1385, Registration date: Monday 1 October 2007, Status: Member, Last activity: 28 June 2009)
3 March 2008 at 18:43
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Download ComboFix, choose option 1, then copy/paste the report.
ComboFix 08-03-03.15 - latz 2008-03-03 19:48:12.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.544 [GMT 1:00]
Endroit: C:\Documents and Settings\latz\Bureau\divers\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\KYE\bumiv89104.dll
C:\WINDOWS\Fonts\-
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\iiffeee.dll
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
.
---- Previous Run -------
.
C:\Documents and Settings\latz\Application Data\urlredir.cfg
C:\Documents and Settings\tophe\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\tophe\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Program Files\download plugin
C:\Program Files\download plugin\DlPlugin-MSIE_1.5.0.0\axdlplug.inf
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias.xml
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.url
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\PerfInfo
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ncntmlwb.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\winpfz37.sys
C:\winlogon.exe
C:\x.dat
C:\z.dat
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))))))))
.
2008-03-03 18:21 . 2008-03-03 18:21 49,171 --a------ C:\WINDOWS\system32\klwnw64r.exe
2008-03-03 16:57 . 2008-03-03 16:57 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-03-03 16:55 . 2008-03-03 16:55 134 --a------ C:\n.bat
2008-03-03 16:54 . 2008-03-03 16:54 <REP> d-------- C:\WINDOWS\system32\iDlo18
2008-03-03 16:54 . 2008-03-03 16:54 <REP> d-------- C:\WINDOWS\system32\ev4
2008-03-03 16:54 . 2008-03-03 16:54 <REP> d-------- C:\WINDOWS\system32\bv2
2008-03-03 16:54 . 2008-03-03 16:54 <REP> d-------- C:\WINDOWS\system32\ax9
2008-03-03 16:54 . 2008-03-03 16:54 <REP> d-------- C:\Temp\sanR24
2008-03-03 16:54 . 2008-03-03 19:38 <REP> d-------- C:\Temp
2008-03-03 16:54 . 2008-03-03 16:54 49,159 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-02-29 13:39 . 2008-02-29 13:39 <REP> d-------- C:\Program Files\Transsoft Games
2008-02-29 13:32 . 2008-02-29 13:34 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-29 13:32 . 2008-02-29 13:32 <REP> d-------- C:\Program Files\Reference Assemblies
2008-02-29 13:32 . 2008-02-29 13:32 <REP> d-------- C:\Program Files\MSBuild
2008-02-29 13:31 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-29 13:28 . 2008-02-29 13:28 <REP> d-------- C:\Program Files\MSXML 6.0
2008-02-27 19:35 . 2008-02-27 19:36 <REP> d-------- C:\Program Files\iTunes
2008-02-27 19:35 . 2008-02-27 19:35 <REP> d-------- C:\Program Files\iPod
2008-02-24 19:28 . 2008-02-24 19:28 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar
2008-02-23 18:58 . 2008-02-23 20:22 <REP> d-------- C:\Program Files\Wanadoo Jeux
2008-02-22 20:37 . 2008-03-03 19:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-22 20:37 . 2008-02-22 20:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-22 11:14 . 2008-02-22 11:14 <REP> d-------- C:\Program Files\CDBurnerXP Pro 3
2008-02-22 10:15 . 2008-02-26 17:20 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-02-21 19:44 . 2008-02-21 19:44 <REP> d-------- C:\Program Files\Lavasoft
2008-02-21 19:44 . 2008-02-21 19:44 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-02-21 19:43 . 2008-02-21 19:43 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 11:21 . 2008-02-21 11:21 <REP> d-------- C:\Documents and Settings\latz\Application Data\AdobeUM
2008-02-21 09:31 . 2008-02-21 09:32 <REP> d-------- C:\Documents and Settings\latz\Application Data\DivX
2008-02-21 09:29 . 2008-01-04 22:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-02-21 09:29 . 2008-01-04 22:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 09:29 . 2008-01-04 22:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-02-20 13:41 . 2008-02-28 12:13 954 --a------ C:\WINDOWS\cdplayer.ini
2008-02-20 10:14 . 2008-02-20 10:14 <REP> d-------- C:\Documents and Settings\latz\Application Data\Uniblue
2008-02-20 09:52 . 2008-03-03 18:04 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-20 09:10 . 2008-02-20 09:11 <REP> d-------- C:\Documents and Settings\latz\Application Data\Ahead
2008-02-20 09:02 . 2008-02-20 09:02 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-20 09:02 . 2008-02-20 10:04 <REP> d-------- C:\Documents and Settings\latz\Application Data\DAEMON Tools
2008-02-20 08:40 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-20 08:40 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-20 08:40 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-20 08:22 . 2008-02-27 19:36 <REP> d-------- C:\Documents and Settings\latz\Application Data\Apple Computer
2008-02-19 11:34 . 2008-02-19 11:34 <REP> d-------- C:\Program Files\LimeWire
2008-02-19 11:34 . 2008-03-03 18:17 <REP> d-------- C:\Documents and Settings\latz\Application Data\LimeWire
2008-02-18 09:59 . 2008-02-18 09:59 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-16 17:59 . 2008-03-02 16:14 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-02-16 17:59 . 2008-02-16 18:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Go Go Gourmet
2008-02-14 17:31 . 2008-02-27 19:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-02-14 17:31 . 2008-02-14 17:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-02-14 14:24 . 2008-02-14 14:24 44 --a------ C:\WINDOWS\liveup.ini
2008-02-13 19:50 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-02-13 14:27 . 2008-03-03 18:35 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-13 14:27 . 2008-03-03 18:42 5,578 --a------ C:\WINDOWS\unins000.dat
2008-02-13 14:18 . 2008-03-03 18:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-13 11:48 . 2004-01-05 10:44 90,112 -ra------ C:\WINDOWS\system32\hpovst08.dll
2008-02-12 19:05 . 2008-02-12 19:05 10,172 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-02-12 12:54 . 2008-02-12 12:54 <REP> d-------- C:\Program Files\Picasa2
2008-02-12 12:54 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-12 12:54 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-12 12:49 . 2004-08-20 00:09 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-12 12:49 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-12 08:42 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-12 01:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-12 01:49 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-12 01:49 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-11 21:52 . 2008-02-11 21:52 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-11 21:49 . 2008-02-27 10:44 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-02-11 17:41 . 2008-02-11 17:41 <REP> d-------- C:\Documents and Settings\latz\Application Data\acccore
2008-02-11 17:40 . 2008-02-11 17:40 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-02-11 17:40 . 2008-02-11 17:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-02-11 17:40 . 2008-02-11 17:40 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-02-11 17:39 . 2008-02-11 17:40 439 --ah----- C:\IPH.PH
2008-02-11 07:11 . 2008-02-11 07:11 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-02-10 13:34 . 2008-02-10 13:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-10 13:34 . 2008-02-10 13:34 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-02-10 13:28 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-10 13:28 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-10 13:28 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-10 13:28 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-10 13:28 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-10 13:28 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-10 13:28 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-10 13:28 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-10 13:28 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-10 13:24 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-10 13:17 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-02-10 13:17 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-02-10 13:17 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-02-10 12:03 . 2007-08-13 18:44 69,120 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-10 12:02 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-02-10 11:55 . 2004-01-05 10:44 38,879 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-02-10 11:55 . 2008-02-10 11:34 29,056 --------- C:\WINDOWS\hpoins03.dat.temp
2008-02-10 11:53 . 2004-01-05 10:44 565,248 -ra------ C:\WINDOWS\system32\hpotscl.dll
2008-02-10 11:53 . 2004-01-05 10:44 274,432 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2008-02-10 11:53 . 2004-08-04 06:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-10 11:53 . 2004-08-04 06:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-10 11:48 . 2008-02-10 11:48 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu D‚marrer
2008-02-10 11:30 . 2008-02-20 08:38 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-02-10 11:30 . 2004-08-20 00:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-10 11:17 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 18:50 --------- d-----w C:\Program Files\KYE
2008-03-03 18:38 --------- d-----w C:\Program Files\GamesBar
2008-03-03 17:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-03 15:57 118,342 ----a-w C:\WINDOWS\Fonts\x.zip
2008-03-03 06:39 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-02-27 09:48 --------- d-----w C:\Program Files\MSN Messenger
2008-02-27 07:54 --------- d-----w C:\Program Files\Windows Live
2008-02-21 10:26 --------- d-----w C:\Program Files\Legacy Interactive
2008-02-21 10:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-21 08:29 --------- d-----w C:\Program Files\DivX
2008-02-20 08:46 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-02-20 07:29 --------- d-----w C:\Program Files\VideoLAN
2008-02-18 08:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-14 16:32 --------- d---a-w C:\Program Files\QuickTime
2008-02-14 11:32 --------- d-----w C:\Program Files\Shareaza Applications
2008-02-13 18:50 --------- d-----w C:\Program Files\Shareaza
2008-02-11 16:40 --------- d-----w C:\Program Files\Viewpoint
2008-02-11 16:40 --------- d-----w C:\Program Files\AIM6
2008-02-11 07:56 --------- d-----w C:\Program Files\WordBiz
2008-02-10 16:11 --------- d-----w C:\Program Files\ODS
2008-02-10 08:10 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-09 22:34 --------- d-----w C:\Program Files\Magentic
2008-02-09 22:22 --------- d-----w C:\Program Files\Google
2008-02-09 22:21 --------- d-----w C:\Program Files\IncrediMail
2008-02-09 21:55 --------- d-----w C:\Program Files\Wanadoo
2008-02-09 21:47 --------- d-----w C:\Program Files\Java
2008-02-09 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 20:48 558,142 ----a-w C:\WINDOWS\java\Packages\4131BTJ3.ZIP
2008-02-09 20:48 155,995 ----a-w C:\WINDOWS\java\Packages\CHZTV5BD.ZIP
2008-02-02 13:17 --------- d-----w C:\Program Files\Yahoo!
2008-02-02 13:17 --------- d-----w C:\Program Files\Webtarot
2008-02-02 13:17 --------- d-----w C:\Program Files\Sunbelt Software
2008-02-02 13:17 --------- d-----w C:\Program Files\Plus!
2008-02-02 13:17 --------- d-----w C:\Program Files\Online_TV
2008-02-02 13:17 --------- d-----w C:\Program Files\MSN Games
2008-02-02 13:17 --------- d-----w C:\Program Files\ColiPoste
2008-02-02 13:17 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 08:24 --------- d-----w C:\Program Files\eMule
2008-01-28 20:53 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-28 09:57 --------- d-----w C:\Program Files\Alawar
2008-01-28 08:38 --------- d-----w C:\Program Files\Burger Shop
2008-01-24 09:20 --------- d-----w C:\Program Files\Fichiers communs\element5 Shared
2008-01-16 15:01 --------- d-----w C:\Program Files\DaViDeo2
2008-01-06 20:40 --------- d-----w C:\Program Files\Microsoft AutoRoute
2008-01-06 11:01 --------- d-----w C:\Program Files\ScanSoft
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-20 16:14 13,044,093 ----a-w C:\Upload_Me.zip
2007-11-18 17:38 2,446 -c--a-w C:\Program Files\valerie.txt
2007-10-22 10:45 8 -c--a-w C:\Program Files\nomutil.txt
2007-10-01 11:15 290,830 ----a-w C:\WINDOWS\Fonts\Setup.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B52C7EC-D1A3-4054-923C-DD12567F28B1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDCA7F6A-F7AF-4D66-AE78-11B5AE511DDF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-23 12:30 214456]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 09:48 68856]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-01-17 19:55 475180]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Aim6"="" []
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-11-07 07:00 8523776]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-11-07 07:00 81920]
"nForce Tray Options"="sstray.exe" [2003-08-13 05:25 73728 C:\WINDOWS\system32\sstray.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 10:44 176128]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-20 00:09 160768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"NWEReboot"="" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^latz^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=C:\Documents and Settings\latz\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=C:\WINDOWS\pss\Deewoo.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^latz^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\latz\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\ncntmlwb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-11-07 07:00 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
C:\windows\system32\rlvknlg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000106.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{54-42-22-20-DW}]
--a------ 2008-03-03 18:21 49171 c:\windows\system32\klwnw64r.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\Silicon Image\\Java SATARaid\\SiITray.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"G:\\eMule\\emule.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 07:01]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-10-16 23:27]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 18:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 19:54:21
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-03 19:59:11 - machine was rebooted [latz]
ComboFix-quarantined-files.txt 2008-03-03 18:59:08
.
2008-03-01 07:34:27 --- E O F ---
2008-02-10 16:11 --------- d-----w C:\Program Files\ODS
2008-02-10 08:10 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-09 22:34 --------- d-----w C:\Program Files\Magentic
2008-02-09 22:22 --------- d-----w C:\Program Files\Google
2008-02-09 22:21 --------- d-----w C:\Program Files\IncrediMail
2008-02-09 21:55 --------- d-----w C:\Program Files\Wanadoo
2008-02-09 21:47 --------- d-----w C:\Program Files\Java
2008-02-09 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 20:48 558,142 ----a-w C:\WINDOWS\java\Packages\4131BTJ3.ZIP
2008-02-09 20:48 155,995 ----a-w C:\WINDOWS\java\Packages\CHZTV5BD.ZIP
2008-02-02 13:17 --------- d-----w C:\Program Files\Yahoo!
2008-02-02 13:17 --------- d-----w C:\Program Files\Webtarot
2008-02-02 13:17 --------- d-----w C:\Program Files\Sunbelt Software
2008-02-02 13:17 --------- d-----w C:\Program Files\Plus!
2008-02-02 13:17 --------- d-----w C:\Program Files\Online_TV
2008-02-02 13:17 --------- d-----w C:\Program Files\MSN Games
2008-02-02 13:17 --------- d-----w C:\Program Files\ColiPoste
2008-02-02 13:17 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 08:24 --------- d-----w C:\Program Files\eMule
2008-01-28 20:53 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-28 09:57 --------- d-----w C:\Program Files\Alawar
2008-01-28 08:38 --------- d-----w C:\Program Files\Burger Shop
2008-01-24 09:20 --------- d-----w C:\Program Files\Fichiers communs\element5 Shared
2008-01-16 15:01 --------- d-----w C:\Program Files\DaViDeo2
2008-01-06 20:40 --------- d-----w C:\Program Files\Microsoft AutoRoute
2008-01-06 11:01 --------- d-----w C:\Program Files\ScanSoft
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-20 16:14 13,044,093 ----a-w C:\Upload_Me.zip
2007-11-18 17:38 2,446 -c--a-w C:\Program Files\valerie.txt
2007-10-22 10:45 8 -c--a-w C:\Program Files\nomutil.txt
2007-10-01 11:15 290,830 ----a-w C:\WINDOWS\Fonts\Setup.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B52C7EC-D1A3-4054-923C-DD12567F28B1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDCA7F6A-F7AF-4D66-AE78-11B5AE511DDF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-23 12:30 214456]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 09:48 68856]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-01-17 19:55 475180]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Aim6"="" []
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-11-07 07:00 8523776]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-11-07 07:00 81920]
"nForce Tray Options"="sstray.exe" [2003-08-13 05:25 73728 C:\WINDOWS\system32\sstray.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 10:44 176128]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-20 00:09 160768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"NWEReboot"="" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^latz^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=C:\Documents and Settings\latz\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=C:\WINDOWS\pss\Deewoo.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^latz^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\latz\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\ncntmlwb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-11-07 07:00 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
C:\windows\system32\rlvknlg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000106.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{54-42-22-20-DW}]
--a------ 2008-03-03 18:21 49171 c:\windows\system32\klwnw64r.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\Silicon Image\\Java SATARaid\\SiITray.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"G:\\eMule\\emule.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 07:01]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-10-16 23:27]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 18:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 19:54:21
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-03 19:59:11 - machine was rebooted [latz]
ComboFix-quarantined-files.txt 2008-03-03 18:59:08
.
2008-03-01 07:34:27 --- E O F ---
Maijin
3 March 2008 at 20:36
Run a HijackThis scan again.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:39, on 04/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\latz\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - https://bitdefender.solutions-antivirus.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Maijin
4 March 2008 at 21:10
Run ComboFix again, because there is 1 left (there were several).
Maijin
4 March 2008 at 21:25
And antivirus software, have you heard of it???
Download this antivirus (one of the most powerful, and FREE):
http://www.commentcamarche.net/telecharger/telecharger 55 antivir
and then the tutorial where everything is explained:
http://speedweb1.free.fr/frames2.php?page=tuto5